September 2017 - FreeIPA-devel - Fedora Mailing-Lists

[freeipa PR#1047][opened] Use the user-provided CA chain file in connections & check for file existence

by rcritten

URL: https://github.com/freeipa/freeipa/pull/1047 Author: rcritten Title: #1047: Use the user-provided CA chain file in connections & check for file existence Action: opened PR body: """ The user now may provide their own CA chain to the make API commands but it isn't honored. The value is also not checked for existence throwing a generic "no such file" error rather than "file <foo> doesn't exist" """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1047/head:pr1047 git checkout pr1047

6 years, 4 months

1
1
0 / 0

[freeipa PR#1056][opened] Remove temporary workaround for Travis CI

by stlaz

URL: https://github.com/freeipa/freeipa/pull/1056 Author: stlaz Title: #1056: Remove temporary workaround for Travis CI Action: opened PR body: """ Once Travis fixes their issue/will post resolution, we can remove the workaround. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1056/head:pr1056 git checkout pr1056

6 years, 5 months

2
1
0 / 0

[freeipa PR#846][opened] Travis: Add tox tests

by MartinBasti

URL: https://github.com/freeipa/freeipa/pull/846 Author: MartinBasti Title: #846: Travis: Add tox tests Action: opened PR body: """ Tox tests contain various testcases for PyPI wheel builds """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/846/head:pr846 git checkout pr846

6 years, 5 months

4
7
0 / 0

[freeipa PR#948][opened] Test script for ipa-custodia

by tiran

URL: https://github.com/freeipa/freeipa/pull/948 Author: tiran Title: #948: Test script for ipa-custodia Action: opened PR body: """ You may find my test script for ipa-custodia useful for testing and debugging issues like https://bugzilla.redhat.com/show_bug.cgi?id=1476150 Signed-off-by: Christian Heimes <cheimes(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/948/head:pr948 git checkout pr948

6 years, 5 months

1
1
0 / 0

FreeIPA wiki migration to OpenShift v3

by Martin Kosek

Hello all, I would like to start a discussion regarding the migration of current FreeIPA services that are running on OpenShift v2 that was obsoleted [1] and will go soon EOL (the ultimate cut-off date is Dec 31, 2017). After a short discussion I had with several FreeIPA developers, the preference remained with keeping this application on OpenShift (v3 generation), as it will let us easily maintain it on a PaaS, without having to care about maintaining our own infra. It will be also easy to delegate maintenance powers to more people. Given above, I have now set up a Pro account with OpenShift v3 and migrated the base FreeIPA wiki as an application there, with today snapshot of data and images. When the POC deployment is ready and approved on this list, I can switch the current wiki to readonly and request change of "www.freeipa.org" DNS records to get it to production. The POC wiki is running in [2], with OpenShift application sources being stored in a public git repo [3]. Eventually, the OpenShift could be configured to rebuild the wiki after a git push to [3], to enable easy changes to wiki to it's maintainers. Let me know if there are any concerns about having the wiki sources public. The secrets and keys are of course not in the repo, but configured via OpenShift environment variable. The POC now runs pretty well, the only issue I found so far is linking the wiki user authentication with Fedora auth. The problem is that the current OpenID plugin [4] is deprecated and does not run with modern PHP version and I could not get the new OpenID Connect one [5] to work reliably with our wiki and Fedora OIDC service. I either received authentication errors or later problems with linking the authenticated user to current account. So for now I gave up and enabled simple password auth by password again. Feedback welcome! Thanks, Martin [1] https://blog.openshift.com/migrate-to-v3-v2-eol/ [2] https://freeipa-org-wiki-freeipa.b9ad.pro-us-east-1.openshiftapps.com [3] https://github.com/freeipa/freeipa-wiki [4] https://www.mediawiki.org/wiki/Extension:OpenID [5] https://www.mediawiki.org/wiki/Extension:OpenID_Connect -- Martin Kosek <mkosek(a)redhat.com> Manager, Software Engineering - Identity Management Team Red Hat, Inc.

6 years, 5 months

3
4
0 / 0

[freeipa PR#903][opened] Warning the user when using a loopback IP as forwarder

by felipevolpone

URL: https://github.com/freeipa/freeipa/pull/903 Author: felipevolpone Title: #903: Warning the user when using a loopback IP as forwarder Action: opened PR body: """ Now, the user can pass a loopback IP in the --forwarder option. Previously, an error would be raised, now we just show a warning message. Fixes: https://pagure.io/freeipa/issue/5801 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/903/head:pr903 git checkout pr903

6 years, 5 months

1
1
0 / 0

[freeipa PR#1027][opened] prci: add external_ca test

by tomaskrizek

URL: https://github.com/freeipa/freeipa/pull/1027 Author: tomaskrizek Title: #1027: prci: add external_ca test Action: opened PR body: """ Add external_ca to the PR CI test suite. Signed-off-by: Tomas Krizek <tkrizek(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1027/head:pr1027 git checkout pr1027

6 years, 5 months

1
1
0 / 0

[freeipa PR#1114][opened] Use 389-ds provided method for file limits tuning

by rcritten

URL: https://github.com/freeipa/freeipa/pull/1114 Author: rcritten Title: #1114: Use 389-ds provided method for file limits tuning Action: opened PR body: """ Previously IPA would set the LimitNOFILE value to 8192 to increase the number of concurrent clients. 389-ds-base does this by default as of 1.3.7.0. Remove the IPA-specific tuning and rely on the out-of-the-box 389-ds-base tuning. Bump the required version of 389-ds-base to 1.3.7.0. Any other tuning added by 389-ds-base will result in a dirsrv.systemd.rpmsave file which admins will need to merge in manually, like typical .rpmsave config changes. https://pagure.io/freeipa/issue/6994 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1114/head:pr1114 git checkout pr1114

6 years, 6 months

2
1
0 / 0

[freeipa PR#1033][opened] Fixing internal error in param-{find,show}

by felipevolpone

URL: https://github.com/freeipa/freeipa/pull/1033 Author: felipevolpone Title: #1033: Fixing internal error in param-{find,show} Action: opened PR body: """ Fixing internal error in param-{find,show} with nonexistent object and showing properly error message. Since PR #1013 probably won't be updated anymore, I created this one with previous work plus some additional changes. https://pagure.io/freeipa/issue/7134 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1033/head:pr1033 git checkout pr1033

6 years, 6 months

2
1
0 / 0

[freeipa PR#1079][opened] ipa-server-upgrade: fix the logic for tracking certs

by flo-renaud

URL: https://github.com/freeipa/freeipa/pull/1079 Author: flo-renaud Title: #1079: ipa-server-upgrade: fix the logic for tracking certs Action: opened PR body: """ ipa-server-upgrade needs to configure certmonger with the right options in order to track PKI, HTTP and LDAP certs (for instance the RA agent cert location has changed from older releases). The upgrade code looks for existing tracking requests with the expected options by using criteria (location of the NSSDB, nickname, CA helper...) If a tracking request is not found, it means that it is either using wrong options or not configured. In this case, the upgrade stop tracking all the certs, reconfigures the helpers, starts tracking the certs so that the config is up-to-date. The issue is that the criteria is using the keyword 'ca' instead of 'ca-name' and this leads to upgrade believing that the config needs to be updated in all the cases. https://pagure.io/freeipa/issue/7151 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1079/head:pr1079 git checkout pr1079

6 years, 6 months

1
1
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

FreeIPA-devel September 2017